KeeneticOS updates — Main Channel

The new Multi-AP backhaul compatibility option for Range Extender mode allows extension of the wireless coverage of a non-Keenetic Mesh enabled device that requires transmission of Wi-Fi data frames in the 4-address format. [NWI-1468]

Additional USB modems are now supported, including:

Added support for the Dell DW5829e 4G LTE Cat9 USB QMI modem module. [NDM-2400]

The new Fail-safe configuration mode lets you change Keenetic's settings from anywhere without worrying that you'll lose control by choosing the wrong settings. If a remote management session terminates abnormally, the device will automatically reboot in three minutes, and undo the changes. [NWI-1429, NDM-1945, NDM-1844]

Additional USB modems are now supported, including:

The Fast Leave option provides a quick switch between IPTV channels via an IGMP proxy when supported by the ISP. [NDM-2375]

You can use the following command in the CLI:

On the Connection priorities page, the new colour-coded states option will display the current state for each connection. There are three colours available: [NWI-1326]

The new Enable multipath option is now available on the Connection priorities page. You can automatically balance the throughput among included connections by switching the custom Connection Policy to the Multipath mode. [NWI-1328]

On the General system settings page, there is now a checkbox that allows you to enable the SNTP service for the local network. [NWI-1330]

The new SNTP (Simple Network Time Protocol) server feature provides time synchronization for your LAN applications. [NDM-2338]

Use the following CLI command:

The new Transit requests option of the DNS profile allows profile-linked devices to resolve domain names via the DNS servers requested by the device instead of forcing the resolution via DNS servers specified in the profile. [NWI-1130]

The Software Network Accelerator now offloads IPv6 traffic, including MAP-T and DS-Lite IPv4 over IPv6 traffic, helping to reduce processor load and speed up traffic transfer. [SYS-611]

The new Scan for networks feature provides detailed and graphical information about the networks in the air at the Wi-Fi monitor page. [NWI-1280]

The new Proxy client is available now as a KeeneticOS system component providing Internet access via proxy servers using HTTP, HTTPS and SOCKS v5 protocols. [NDM-2195]

The following CLI commands are available to configure the Proxy client component:

The Proxy connection section is available in the Other connections menu for Internet access via HTTP/HTTPS/SOCKS5 proxy. [NWI-1108]

DS-Lite (IPv6 dual-stack lite) support is now available via automatic IPv4 over IPv6 provisioning, allowing access to IPv4-only enabled resources while the ISP provides a connection with the modern IPv6 protocol. [NDM-2060]

The new TCP/TLS port check mode enhances the Ping Check feature to provide verified protection against Internet access failures. This mode will prevent false-positive results if an ISP redirects traffic to a captive portal, for example, a billing service. [NDM-2094, NWI-1109]

Use the following CLI commands to set:

Or set up via the Web Interface for a required interface:

The new Wi-Fi monitor in the Status section provides a graphical utilization display for the Wi-Fi radio frequency channel currently in use. [NWI-1179]

Added support for the Alcatel MW70 — 4G LTE Cat7 — mobile router. [NDM-2246]

Added basic 5G mode support for the Telit FN980m — 5G and 4G LTE Cat20 — QMI-type modem module. [NDM-2260]

The new AT command terminal for UsbLte, and UsbQmi modems in the command-line interface (CLI) provides ultimate flexibility for additional modem statistics and configuration options. [NDM-2266]

Use the following CLI command:

For example, here are the results of two AT commands, ATI and AT+QTEMP, for the Quectel EP06-E modem as a UsbQmi0 modem interface.

The MiniUPnPd service no longer restarts after a DHCP lease update on a WAN connection. [NDM-2459]

The calculation of the RSSI value for Fibocom L850-GL/L860-GL USB modem modules has been improved. [NDM-2416]

The OpenSSL library is updated to the latest version 3.0.7, fixing the CVE-2022-3602 and CVE-2022-3786 vulnerabilities. [SYS-669]

Internal Firewall rules have been updated to allow usage of the DHCPv6 relay agent. [NDM-2410]

The new relay multicast DNS (mDNS) option is now available in segment settings allowing transmission of mDNS messages between all segments. [NWI-1368]

The Wi-Fi channels used by Keenetic itself are highlighted now on the diagram and table on the Wi-Fi monitor page. [NWI-1389]

Disable the use of DNS servers from the mobile operator for the UsbQmi and UsbLte modem interfaces by using the CLI command no mobile name-servers. [NDM-2374]

The Wi-Fi monitor page has received several design improvements and changes. [NWI-1325]

Both DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) now support the IPv6 protocol. [NDM-2344]

NextDNS content filtering now uses the IPv6 protocol when available. [NDM-2345]

The Internet Checker service (show internet status) now inspects the Internet availability via both IPv6 and IPv4 protocols. [NDM-2348]

The RU/US country code substitution on the 5 GHz Wireless Network has been disabled as an outdated workaround. [SYS-613]

System and user-defined DNS profiles are now available for assignment from the content filtering profiles drop-down list, along with public DNS presets or commercial services, depending on your configuration. [NWI-1129]

Assigned unconditional priority to user-defined DNS profiles over public DNS presets and cloud DNS profiles. [NDM-2323]

Improved security: the DNS requests from blocked devices are now disabled via the DNS-proxy service of the KeeneticOS. [NDM-2321]

The OpenSSL library is updated to the latest version 1.1.1q, fixing the CVE-2022-2097 vulnerability. [NDM-2308]

Added configuration of the custom Web API password for ZTE CDC-type modems, which was introduced in the KeeneticOS 3.8 Alpha 2 version. [NDM-2198]

The new IPv4 over IPv6 provisioning section in the Other connections menu displays configuration details for the MAP-T and DS-lite protocols. [NWI-1106]

The OpenVPN service is updated to a new version, 2.6.0. [SYS-579]

The link position of the edit schedule displays appropriately on mobile screens. [NWI-1463]

The network topology picture from the Extender mode now displays correctly on mobile screens. [NWI-1477]

The AFP file sharing system component is updated, fixing the CVE-2022-23125 vulnerability. [SYS-681]

The L2TP/IPsec VPN server configuration now applies as expected. [NDM-2495]

The authorization of Windows clients has been fixed for the captive portal Spot4 service. [NDM-2383]

Changing the state of the underlying interface for WireGuard VPN no longer causes a system reboot. [NDM-2424]

In the case of switching from backup to the primary WAN connection, network sessions are cleared, ensuring correct routing via the primary connection. [NDM-2456]

Compatibility of the MTS 824FT (Hilink) USB modem is now restored. [NDM-2470]

The Transit requests option now works as expected. [NDM-2479]

Mobile data connection from a smartphone via the Android USB Tethering technology now operates properly. [NDM-2485]

The logo alignment has been fixed for the Login page on mobile screens. [NWI-1387]

The Transit requests option now operates correctly for all available DNS resolution profiles. [NDM-2403]

The cause of periodic VPN IKEv2 tunnel disconnection has been fixed. [NDM-2413]

The text style of the Confirm button is changed so that the text description is better placed for all languages in mobile view. [NWI-1449]

The OpenVPN client and server system component with the new 2.6 version no longer requires an installed IPv6 system component for operation. [NDM-2441]

The connection toggles On/Off on the Other connections page have been fixed, providing better responsiveness. [NWI-1419]

The Save button was missing when editing the speed limit setting; this has been fixed. [NWI-1390]

The SMB file and printer sharing component is compatible with the new OpenSSL 3.0 library. [SYS-627]

The Wake-on-LAN (WoL) option now works properly in network segments with security-level protected settings. [NDM-2385]

When an active dual-stack IPv6 connection is present, KeenDNS IPv4 access in the Direct mode operates correctly. [NDM-2378]

The root CA (Certificate authority) certificate validation has been fixed for legacy Keenetic devices. [SYS-632]

The IPsec service management has been revised to improve stability and operation under heavy system load. This should prevent the system failed [0xcffd00ac], code = 255 error from appearing in the System log. [NDM-624]

The radio signal metrics of Huawei modems, such as SINR, RSRP, and RSRQ, are now displayed correctly. [NDM-2371]

The DHCPv6 stateless mode now operates correctly and propagates DNS server information to DHCPv6 clients. [NDM-2363]

Fixed the Use for accessing the Internet checkbox for WireGuard connections. [NWI-1319]

The button to import PPPoE-settings from previous routers now displays correctly in all the languages of the Web Interface. [NWI-1293]

Fixed the DNS proxy service error causing do_page_fault(): sending SIGSEGV error message in the System log. [SYS-592]

The Connection priority dropdown menu displays a correct list of connections. [NWI-1256]

The DNS servers assigned by the ISP remain operatable when custom DNS servers are in use. [NDM-2265]